Skip BIGTK generation for non-zero ID VLAN groups

Beacon frames transmitted by the AP are per BSS and not per VLAN. So
skip BIGTK generation and configuration to the driver for groups that
have a non-zero VLAN ID. For stations associating on non-zero VLAN IDs,
in EAPOL-Key msg 3/4 and group handshake message 1, populate the BIGTK
from the default VLAN group.

Signed-off-by: Sai Pratyusha Magam <smagam@qti.qualcomm.com>

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index d64ca62b3f34289d898518a915975e84315db9e4..49268b21e2b348c90d89f392404680bf88fd88ff 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -4193,6 +4193,11 @@ static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
                          NULL, 0);
        forced_memzero(&igtk, sizeof(igtk));
 
+       if (gsm->vlan_id) {
+               wpa_printf(MSG_DEBUG, "Fetch BIGTK from default VLAN");
+               gsm = wpa_auth->group;
+       }
+
        if (wpa_auth->conf.tx_bss_auth) {
                wpa_auth = wpa_auth->conf.tx_bss_auth;
                conf = &wpa_auth->conf;
@@ -4333,6 +4338,11 @@ void wpa_auth_ml_get_key_info(struct wpa_authenticator *a,
        if (!beacon_prot)
                return;
 
+       if (gsm->vlan_id) {
+               wpa_printf(MSG_DEBUG, "Fetch BIGTK from default VLAN");
+               gsm = a->group;
+       }
+
        if (a->conf.tx_bss_auth) {
                a = a->conf.tx_bss_auth;
                gsm = a->group;
@@ -5812,6 +5822,11 @@ static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
                                group->IGTK[group->GN_igtk - 4], len);
        }
 
+       /* Skip BIGTK generation for groups with a non-zero VLAN ID since only
+        * a single BIGTK is shared for all VLANs in a BSS. */
+       if (group->vlan_id)
+               return ret;
+
        if (!wpa_auth->non_tx_beacon_prot &&
             !wpa_auth_pmf_enabled(conf))
                return ret;
@@ -6140,7 +6155,10 @@ static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
                                     KEY_FLAG_GROUP_TX_DEFAULT) < 0)
                        ret = -1;
 
-               if (ret || !conf->beacon_prot)
+               /* Skip setting of BIGTK for groups with a non-zero VLAN ID
+                * since only a single BIGTK is shared for all VLANs in a BSS.
+                */
+               if (ret || !conf->beacon_prot || group->vlan_id)
                        return ret;
                if (wpa_auth->conf.tx_bss_auth) {
                        wpa_auth = wpa_auth->conf.tx_bss_auth;